CVE-2019-12415

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convertuser-provided Microsoft Excel documents, a specially crafted document canallow an attacker to read files from the local filesystem or from internalnetwork resources via XML External Entity (XXE) Processing.